TP6+Swoole4 reverse proxy configuration

Time:2022-11-25

Nginx reverse proxy configuration
First of all, before configuring the reverse proxy, the previously configured pseudo-static should be deleted, otherwise an error will be reported when saving
The following is the complete configuration of the reverse proxy, please note that the port number [8000] is currently the port number in the server.port configuration in the config\swoole.php file
location ~* .(php|jsp|cgi|asp|aspx)${

proxy_pass http://127.0.0.1:8000;    
proxy_set_header Host $host;    
proxy_set_header X-Real-IP $remote_addr;    
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    
proxy_set_header REMOTE-HOST $remote_addr;

}
location /
{

proxy_pass http://127.0.0.1:8000;    proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;

add_header X-Cache $upstream_cache_status;

#Set Nginx Cache

    add_header Cache-Control no-cache;
expires 12h;

} copy code
Those that need to be compatible with wss and ws protocols can be configured in the following way, only need to replace the configuration interface in location /{} – Compatible
If you use the pagoda deployment project, you can directly copy the following code to replace the code at the location /{} position in the reverse proxy configuration, and change the configuration in the reverse proxy. Don’t make mistakes;
location /{

proxy_pass http://127.0.0.1:8000;    
proxy_http_version 1.1;    
proxy_read_timeout 360s;       
proxy_redirect off;     
proxy_set_header Upgrade $http_upgrade;   
proxy_set_header Connection "upgrade";    
proxy_set_header Host $host;   
proxy_set_header X-Real-IP $remote_addr;    
proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;    
proxy_set_header REMOTE-HOST $remote_addr;        
add_header X-Cache $upstream_cache_status;        
#Set Nginx Cache           
    add_header Cache-Control no-cache;    
expires 12h;

} copy code
Long connection access address

Use ws protocol to connect socket under http protocol access, no need to add port, it has been proxied to port 8000 by reverse proxy

The swoole can be compatible with multiple protocols on one port

ws://www.test.com

Use wss protocol to connect socket under https protocol access

It can be seen that the current socket connection methods of ws and wss are the same, which reduces a lot of problems in configuring wss

wss://www.test.comCopy code
Apache reverse proxy configuration
Apache’s reverse proxy configuration code is simple, but cumbersome, and requires reverse proxy configuration on ports 80 and 443
If there is a better configuration method, please give pointers
http.conf opens the proxy module
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.soCopy code
Configure SSL
If you need HTTPS access, you must do this configuration, otherwise wss will not be available
Http protocol reverse proxy configuration
<VirtualHost *:80>

…the configuration in the middle is not explained

ProxyRequests Off
ProxyPass /ws ws://127.0.0.1:8000
ProxyPassReverse /ws ws://127.0.0.1:8000 ProxyPass / http://127.0.0.1:8000
ProxyPassReverse / http://127.0.0.1:8000

</VirtualHost>

<VirtualHost *:443>

…the configuration in the middle does not explain ProxyRequests Off

ProxyPass /ws ws://127.0.0.1:8000
ProxyPassReverse /ws ws://127.0.0.1:8000

ProxyPass / http://127.0.0.1:8000
ProxyPassReverse / http://127.0.0.1:8000</VirtualHost>copy code
In fact, the reverse proxy configuration in 80 and 443 is the same. However, it is necessary to put the reverse proxy configuration into the port configuration of 443 to achieve it.
The http reverse proxy configuration here is the same as nginx, but
socket
The connection is different from nginx, you need to add ws after the domain name to connect, this ws is just a virtual directory name, you can change the name at will
Long connection access address

Connect the socket under the http protocol. Note that in the apache state, you must add /ws after the domain name because your reverse proxy is proxying to the virtual directory ws

ws://www.test.com/ws

The socket is connected under the https protocol, and the connection address is the same as that under the http protocol

wss://www.test.com/wsCopy code
If you are not sure whether the user installed apache or nginx; but your long connection must add /ws under apache, you can add an interface configuration to return nginx or apache, and the service resolver type cannot be obtained in Swoole operation mode, then use rude The method of adding a database system configuration allows users to choose;
If you think this article is useful to you, please give our open source project a little star:http://github.crmeb.net/u/defuGreatful!

Recommended Today

Client cannot authenticate XXX:[TOKEN, KERBEROS]

Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate xxx:[TOKEN, KERBEROS] The security authentication failed, and the cause analysis is as follows:1. Check whether the Kerberos address can be connected normally // kdc’s ip System.setProperty(“java.security.krb5.kdc”, “192.168.1.1”); // realm System.setProperty(“java.security.krb5.realm”, “XXX”); 2. The configuration file failed to be read successfully UserGroupInformation.loginUserFromKeytab(user name, path to keytab file); It is recommended […]